BTW, sure spot claims end to end encryption
Quoting Pirate Praveen (2014-08-06 13:27:04)
> On Wednesday 06 August 2014 04:50 PM, Jonas Smedegaard wrote:
>> Being Free Software (or Open Source as some prefer to label it) is
>> good (but percentage is silly: either it is or it isn't Free
>> Software!)
>>
>> What I objected to, however, was not the freedoms defined by "Free
>> Software" and "Open Source", but instead the freedom of independence
>> and staying in control of own devices and own data - a.k.a. privacy.
>>
>> Code can be "100% open source" while breaching privacy.
>
> If we do end-to-end encryption, we can guarantee privacy.
You need to ensure both that a) the end-to-end encryption protocols are
properly designed, and b) those protocols are implemented securely.
I would advice against trusting guarantees issued by debian-dug-in
because I am unaware of any good track record of guarantees issued here.
I would recommend to instead follow advices from the Guardian project.
> But if we depend on a centralized service, we are creating dependence,
> for some reason if the service provider is shut down, you are out of
> luck. Also I couldn't figure out what protocol they use from their
> FAQ. So my recommendations are TextSecure or XMPP/OTR. I use Loqui IM
> on my Firefox OS phone (there is no TextSecure yet for Firefox OS)
> with OTR support. On desktop, you can use pidgin with otr plugin.
Beware that Pidgin has a very bad track record regarding security.
Personally I use Pidgin, but I don't rely on the OTR plugin.
If you need to trust OTR, you should probably use an alternative
implementation - some say Jitsi is better.
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private